feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #976 from levi-wolfssl/PemToDer-overflow-fix

Browse Source 
Fix potential buffer over-read in PemToDer()
This commit is contained in:
toddouska
2017-06-22 10:07:11 -07:00
committed by GitHub
parent 06fa3de31c a37808b32c
commit d017274bff
1 changed files with 40 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
src/ssl.c
View File

@@ -4159,22 +4159,45 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
{ {
/* remove encrypted header if there */ /* remove encrypted header if there */
char encHeader[] = "Proc-Type"; char encHeader[] = "Proc-Type";
char* line = XSTRNSTR(headerEnd, encHeader, PEM_LINE_LEN); word32 headerEndSz = (word32)(bufferEnd - headerEnd);
if (line) { char* line = XSTRNSTR(headerEnd, encHeader, min(headerEndSz,
char* newline; PEM_LINE_LEN));
if (line != NULL) {
word32 lineSz;
char* finish; char* finish;
char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN); word32 finishSz;
char* start;
word32 startSz;
char* newline;
if (!start) if (line >= bufferEnd) {
start = XSTRNSTR(line, "AES", PEM_LINE_LEN); return SSL_BAD_FILE;
}
if (!start) return SSL_BAD_FILE; lineSz = (word32)(bufferEnd - line);
if (!info) return SSL_BAD_FILE; start = XSTRNSTR(line, "DES", min(lineSz, PEM_LINE_LEN));
finish = XSTRNSTR(start, ",", PEM_LINE_LEN); if (start == NULL) {
start = XSTRNSTR(line, "AES", min(lineSz, PEM_LINE_LEN));
}
if (start && finish && (start < finish)) { if (start == NULL) return SSL_BAD_FILE;
newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN); if (info == NULL) return SSL_BAD_FILE;
if (start >= bufferEnd) {
return SSL_BAD_FILE;
}
startSz = (word32)(bufferEnd - start);
finish = XSTRNSTR(start, ",", min(startSz, PEM_LINE_LEN));
if ((start != NULL) && (finish != NULL) && (start < finish)) {
if (finish >= bufferEnd) {
return SSL_BAD_FILE;
}
finishSz = (word32)(bufferEnd - finish);
newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN));
if (XMEMCPY(info->name, start, finish - start) == NULL) if (XMEMCPY(info->name, start, finish - start) == NULL)
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
@@ -4182,8 +4205,10 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL) if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL)
return SSL_FATAL_ERROR; return SSL_FATAL_ERROR;
if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN); if (newline == NULL)
if (newline && (newline > finish)) { newline = XSTRNSTR(finish, "\n", min(finishSz,
PEM_LINE_LEN));
if ((newline != NULL) && (newline > finish)) {
info->ivSz = (word32)(newline - (finish + 1)); info->ivSz = (word32)(newline - (finish + 1));
info->set = 1; info->set = 1;
} }